Zomato Explains about Massive Security Breach

The more the technology we use the more the risks we should face. From the past few days cyber crimes are hitting headlines continuously starting with WannaCry Ransomware and followed by Zomato Database breach questioning Cyber Security.

Zomato is one of India’s largest restaurant and food delivery app. On 18th May it announced that nearly 17 million user data had been stolen including email addresses, names and protected passwords. Later the breached data is put up for sale on a dark web market place for $1000.

Zomato, in its blog update explained how the hack has been done.

It explained that hacker got one of its developer’s credentials from the leak of web hosting service’s details happened in 2015. The developer used the same combination of username and password on Github, a portal used for sharing code. From here the hacker got a part of code for which the developer had access to.

After finding data in dark web market place for sale, Zomato contacted the hacker. They claimed that the hacker took off the data from dark web after they agreed to the demands of the hacker.

Zomato made Dual Authentication Factor mandatory “a few months back” but the hacker had access since last year. It was now the hacker chose to exploit it.

They said that they have taken steps to prevent exploits on Zomato’s infrastructure from the leaked code. And also a positive aspect, they stated that the leaked code is more and more out of date.

After all this, Zomato is thinking to hold a better bug bounty program where security researchers and ethical hackers are rewarded for finding and highlighting bugs in the system.